131 Security Blogs

Last Updated: 03 Apr 25 02:46 UTC

Blog List | Github | OPML

2025-04-02

Fastly

Future-Proofing TLS Encryption Against Quantum Threats

Rapid7

Preview the Action: Two New Sessions Available Before Take Command 2025

Rapid7

A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Amazon Security

AWS achieves Cloud Security Assurance Program (CSAP) low-tier certification in AWS Seoul Region

Amazon Security

Planning for your IAM Roles Anywhere deployment

Malwarebytes

“Nudify” deepfakes stored unprotected online

Malwarebytes

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Datadog HQ

Reduce costs and enhance security with cross-region Datadog connectivity using AWS PrivateLink

Eclypsium

Eclypsium @ RSAC 2025

Schneier on Security

Rational Astrologies and Security

Evan Connelly

Hacking the Call Records of Millions of Americans

SentinelOne

The Overlooked Six | AWS Security Blind Spots

Satoshi's Blog

What keeps kernel shadow stack effective against kernel exploits?

ReversingLabs

CVEs lose relevance: Get proactive — and think beyond vulnerabilities

Dark Reading

DPRK 'IT Workers' Pivot to Europe for Employment Scams

Dark Reading

In Salt Typhoon's Wake, Congress Mulls Potential Options

Dark Reading

How an Interdiction Mindset Can Help Win War on Cyberattacks

Dark Reading

Gootloader Malware Resurfaces in Google Ads for Legal Docs

Dark Reading

Malaysian Airport's Cyber Disruption a Warning for Asia

Meta Security

Meta Open Source: 2024 by the numbers

2025-04-01

Fastly

#hugops for vibe coders

Rapid7

A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub

Rapid7

What’s New in Rapid7 Products & Services: Q1 2025 in Review

Microsoft Security

Transforming public sector security operations in the AI era

Github Security Blog

GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help

Malwarebytes

Intimate images from kink and LGBTQ+ dating apps left exposed online

Datadog HQ

Manage PCI DSS v4.0.1 requirements with Datadog

Datadog HQ

Simplify multi-cloud cost management with FOCUS and Datadog

Datadog HQ

This Month in Datadog - March 2025

SpiderLabs

Babuk2 Bjorka: The Evolution of Ransomware for ‘Data Commoditization’

Schneier on Security

Cell Phone OPSEC for Border Crossings

Auth0

March 2025 Updates: What’s New in Auth0 (Developer Edition)

Mozilla Security

Updated GPG key for signing Firefox Releases

Cloudflare

“You get Instant Purge, and you get Instant Purge!” — all purge methods now available to all customers

Elastic Security Labs

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective

watchTowr Labs

XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)

Hunt and Hackett

The Evolving Threat of OT: Do You Know Your Weak Spots?

Praetorian

An Improved Detection Signature for the Kubernetes IngressNightmare Vulnerability

The Citizen Lab

Gender-Based Digital Transnational Repression and the Authoritarian Targeting of Women in the Diaspora

ReversingLabs

OpenSSF guidelines encourage OSS developers to build securely

Dark Reading

Google Brings End-to-End Encryption to Gmail

Dark Reading

Visibility, Monitoring Key to Enterprise Endpoint Strategy

Dark Reading

Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks

Dark Reading

As CISA Downsizes, Where Can Enterprises Get Support?

Dark Reading

Japan Bolsters Cybersecurity Safeguards With Cyber Defense Bill

Dark Reading

Check Point Disputes Hacker's Breach Claims

Dark Reading

FDA's Critical Role in Keeping Medical Devices Secure

Dark Reading

Google 'ImageRunner' Bug Enabled Privilege Escalation

Dark Reading

Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks

Snyk

Get Off My Lawn and Fix Your Vulnerabilities!

Snyk

Q&A Session with Snyk & John Hammond: Your Fetch the Flag Questions, Answered

Bishop Fox Security

SonicWall-CVE-2024-53704: Exploit Details

Bishop Fox Security

Tomcat CVE-2025-24813: What You Need to Know

Palo Alto Networks

Platformization Maximizes Security Efficacy & IT Operations Efficiency

Compass Security Blog

I wannabe Red Team Operator

TrustedSec

CUI For the Rest of Us: The New Government-Wide CUI Protection Contract Clause

2025-03-31

Rapid7

Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard

Microsoft Security

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

Microsoft Security

New innovations in Microsoft Purview for protected, AI-ready data

Malwarebytes

Why we’re no longer doing April Fools’ Day

Malwarebytes

A week in security (March 24 – March 30)

Datadog HQ

Enrich your existing Datadog telemetry with custom metadata using Reference Tables

Datadog HQ

Monitor the performance of queues and topics with Azure Service Bus

Datadog HQ

Remediate Kubernetes incidents faster using private actions in your apps and workflows

Schneier on Security

The Signal Chat Leak and the NSA

Kevin Beaumont

Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service

Talos Intelligence

Beers with Talos: Year in Review episode

Talos Intelligence

Available now: 2024 Year in Review

White Knight Labs

Windows Kernel Buffer Overflow

Dark Reading

Oracle Cloud Users Urged to Take Action

Dark Reading

CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks

Dark Reading

Top 10 Most-Used RDP Passwords Are Not Complex Enough

Dark Reading

DoJ Seizes Over $8M From Sprawling Pig Butchering Scheme

Dark Reading

CISA Warns of Resurge Malware Connected to Ivanti Vuln

Dark Reading

Trend Micro Open Sources AI Tool Cybertron

Dark Reading

Bridging the Gap Between the CISO & the Board of Directors

Dark Reading

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

Meta Security

Mobile GraphQL at Meta in 2025

Moonlock

Why does my search keep switching to Yahoo, and what is the Yahoo virus?

Bishop Fox Security

Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Krebs on Security

How Each Pillar of the 1st Amendment is Under Attack

2025-03-30

Project Black

ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4

Troy Hunt

Weekly Update 445

Ars Technica Security

FBI raids home of prominent computer scientist who has gone incommunicado

2025-03-29

Project Black

Disable TLS 1.0 and 1.1 via GPO

2025-03-28

Fastly

Making the Internet Sustainable— Starting from Its Infrastructure

Rapid7

Metasploit Wrap-Up 03/28/2025

Rapid7

Overcoming the Challenges of Vulnerability Remediation

Amazon Security

AWS continues to support government cloud security and shape FedRAMP’s evolution toward automated compliance

Malwarebytes

Vulnerability in most browsers abused in targeted attacks

MalwareTech

The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It

Schneier on Security

Friday Squid Blogging: Squid Werewolf Hacking Group

Schneier on Security

AIs as Trusted Third Parties

SentinelOne

The Good, the Bad and the Ugly in Cybersecurity – Week 13

Talos Intelligence

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Hay Mizrachi

Hunting 12 Zero Days in Popular WooCommerce Plugins - A Research Journey

Dark Reading

GSA Plans FedRAMP Revamp

Dark Reading

Evilginx Tool (Still) Bypasses MFA

Dark Reading

Oracle Still Denies Breach as Researchers Persist

Dark Reading

Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market

Dark Reading

Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations

Dark Reading

SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks

Dark Reading

Malaysia PM Refuses to Pay $10M Ransomware Demand

Dark Reading

Concord Orthopaedic Notifies Individuals of Security Incident

Dark Reading

Navigating Cyber-Risks and New Defenses

Dark Reading

Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen

Moonlock

Has your Gmail been hacked? Here’s how to tell and how to recover your account

Moonlock

New phishing attack convinces users their Mac is locked

Moonlock

What is the Bing redirect virus, and how do you remove Google redirects to Bing?

Ars Technica Security

Oracle has reportedly suffered 2 separate breaches exposing thousands of customers‘ PII

Ars Technica Security

Gemini hackers can deliver more potent attacks with a helping hand from… Gemini

Searchlight Cyber

Russian Zero-Day Seller Offers $4m For Exploits in Telegram

Palo Alto Networks

Addressing Federal Cybersecurity Challenges in the Cloud Era

TrustedSec

MCP: An Introduction to Agentic Op Support

2025-03-27

Rapid7

Unpacking a post-compromise breach simulation with Vector Command

Microsoft Security

US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID

Malwarebytes

“This fraud destroyed my life.” Man ends up with criminal record after ID was stolen

Malwarebytes

Moving from WhatsApp to Signal: A good idea?

Eclypsium

Juniper Routers, Network Devices Targeted with Custom Backdoors

Schneier on Security

A Taxonomy of Adversarial Machine Learning Attacks and Mitigations

SentinelOne

GPU Device Plugins | Unveiling Risks in Kubernetes Workloads

Talos Intelligence

Money Laundering 101, and why Joe is worried

ReversingLabs

AI coding tools weaponized: What your AppSec team needs to know

Dark Reading

Hoff's Rule: People First

Dark Reading

How CISA Cuts Impact Election Security

Dark Reading

OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update

Dark Reading

DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union

Dark Reading

Student-Powered SOCs Train Security's Next Generation

Dark Reading

Fake DeepSeek Ads Spread Malware to Google Users

Dark Reading

High-Severity Cloud Security Alerts Tripled in 2024

Zero Day Initiative

MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities

Moonlock

Secret US war plans leaked in a Signal group chat by accident

Moonlock

How to scan Chrome for viruses and remove them permanently

Krebs on Security

When Getting Phished Puts You in Mortal Danger

Google Security Blog

New security requirements adopted by HTTPS certificate industry

Palo Alto Networks

Is Your Browser Ground Zero for Cyberattacks?

TrustedSec

Getting the Most Out of Your API Security Assessment